slides

Warn

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: MEDIUM

Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The JavaScript helper code.js uses require() to dynamically load language components from the prismjs library based on a computed path derived from a user-provided language identifier. Loading modules from computed paths can lead to unintended code execution if the input is not strictly validated.
  • [COMMAND_EXECUTION]: Multiple Python scripts, including render_slides.py, ensure_raster_image.py, and detect_font.py, invoke system binaries such as soffice (LibreOffice), inkscape, magick, and gs (Ghostscript) using subprocess.run. While these calls use list-based arguments to mitigate shell injection, they expose the agent to the complexity and potential security vulnerabilities of these third-party tools when processing untrusted files.
  • [DATA_EXFILTRATION]: The image.js helper employs fs.readFileSync to read local files for the purpose of determining image dimensions. This creates a potential for unauthorized local file access if an agent is directed to process sensitive file paths, although the script's output is limited to image metadata.
  • [PROMPT_INJECTION]: The skill is designed to process untrusted external data formats such as PowerPoint (PPTX) and PDF files. This presents a surface for indirect prompt injection, where malicious instructions could be embedded in slide content, metadata, or XML structures and subsequently influence the behavior of the agent during the rendering or inspection process.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 1, 2026, 05:08 PM